CVE-2024-24795
MEDIUM6.3EPSS 1.1%Apache HTTP Server: HTTP Response Splitting in multiple modules
發布日:2024/4/4修改日:2025/5/20
也稱為:ALPINE-CVE-2024-24795BIT-apache-2024-24795
描述
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
受影響套件(4)
- Alpine/apache2from 0, < 2.4.59-r0
- Bitnami/apache>= 2.4.0, < 2.4.59
- Debian/apache2from 0, < 2.4.59-1~deb11u1
- Debian/uwsgifrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
參考連結(13)
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-24795
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-24795
- WEBhttp://seclists.org/fulldisclosure/2024/Jul/18
- WEBhttps://httpd.apache.org/security/vulnerabilities_24.html
- WEBhttps://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
- WEBhttps://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-24795
- WEBhttps://security.netapp.com/advisory/ntap-20240415-0013/
- WEBhttps://support.apple.com/kb/HT214119
- WEBhttp://www.openwall.com/lists/oss-security/2024/04/04/5